CISM Exam QuestionsBrowse all questions from this exam

CISM Exam - Question 1089


When an organization experiences a disruptive event, the business continuity plan (BCP) should be triggered PRIMARILY based on:

Show Answer
Correct Answer: D

A Business Continuity Plan (BCP) is generally triggered based on management direction. While factors such as the expected duration of the outage, the root cause of the event, or the type of security incident may influence the decision, it is ultimately the management's responsibility to evaluate the situation and decide when to activate the BCP. This ensures a coordinated and controlled response to the disruptive event.

Discussion

6 comments
Sign in to comment
shootnot
Oct 19, 2024

A- Why not D, because Management direction or decision to activate BCP will be based on some criteria which is primarily 'A'. Why not 'C', because BCP could be non-security event based trigger as well.

hargitOption: A
Mar 3, 2025

The business continuity plan (BCP) should be triggered primarily based on the expected duration of outage (Option A). This approach ensures that the organization can respond promptly to minimize downtime and maintain critical operations

helg420Option: D
Nov 17, 2024

i agree with D. Incident response procedures should dictate the process to enact BCP and thats usually at management discretion. the expected duration will be just one of the many variables to consider

1899f17
Nov 28, 2024

C. type of security incident.

ssdnyOption: D
Sep 24, 2024

I think D

Josef4CISMOption: C
Jan 20, 2025

Type of security incident. This comes with the assumption that the severity of incident is meant.